Switching method, device and system

A re-authentication and re-association technique, applied in the field of handover technology, that addresses problems such as physical security that is difficult to guarantee, high key management overhead, and limited network scale, and achieves key security, fast and secure handover, and low authentication delay.

Inactive Publication Date: 2010-04-14
HUAWEI DEVICE (SHENZHEN) CO LTD +1

AI Technical Summary

Problems solved by technology

[0004] The inventor found that, since each AP may participate in the management of the master session key, key management in this method is very complicated and the key management overhead is large. Since PMK-R1 is distributed by the initial access AP rather than by the AAA server, a security association must be established between two APs to ensure the safe distribution of PMK-R1; a security association may therefore be needed between any two APs, which limits the network scale.
In addition, because the physical security of an AP is usually difficult to guarantee, pushing the root key, that is, the MSK, down to the AP is risky: if the root key is leaked because the AP is compromised, all derived keys are leaked.


Examples


Embodiment 1

[0037] Embodiment 1, switching method. The flow of the switching method is shown in Figure 1A.

[0038] In Figure 1A, S100: during the handover process, the target AP receives the authentication request frame sent by the user terminal. The authentication request frame carries the EAP start re-authentication packet. The EAP start re-authentication packet can be carried in the authentication request frame in the form of an Extensible Authentication Framework Re-authentication Protocol Information Element (ERPIE, or ERP information element); that is, the authentication request frame carries the ERP information element, and the EAP start re-authentication packet is encapsulated in the ERP information element. A specific example of the ERP information element is shown in Figure 1B.

[0039] The fields of the ERP information element shown in Figure 1B are: element identific...

Embodiment 2

[0055] Embodiment 2, switching method. The flow of the switching method is shown in Figure 2.

[0056] In Figure 2, S200: during the handover process, the user terminal sends an authentication request frame carrying an EAP start re-authentication packet to the target AP.

[0057] Specifically, the user terminal carries the EAP start re-authentication packet in the authentication request frame in the form of an ERP information element; that is, the authentication request frame carries an ERP information element containing the EAP start re-authentication packet. A specific example of the ERP information element carried in the authentication request frame is given in the description of Figure 1B in the above embodiment and is not repeated here.

[0058] S210. The user terminal sends a re-association request frame to the target AP after receiving the authentication response frame carrying the EAP end re-authentication packet sent by the target AP.

[0059] Specifically, after receiving...

Embodiment 3

[0068] Embodiment 3, switching method. The process of handing over the user terminal UE from AP1 to AP2 is shown in Figure 3.

[0069] In Figure 3, S300: the UE and AP1 perform secure data transmission.

[0070] S310. After the UE decides to switch from AP1 to AP2, the UE sends an Authentication Request frame to AP2. The Authentication Request frame carries the FT Authentication Algorithm (FTAA), the Mobility Domain Information Element (MDIE), the Fast Transition Information Element (FTIE) and the ERPIE. The FTIE includes SNonce (such as a 256-bit random bit string provided by the user terminal), and the ERPIE includes an EAP Initiate Re-auth (EAP start re-authentication) packet.

[0071] S320. AP2 receives the Authentication Request frame sent by the UE and parses the frame to obtain the EAP Initiate Re-auth packet. AP2 re-encapsulates the EAP ...
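
The frame handling of S310 and S320, sketched as an added example (not code from the patent): a target AP parses the Authentication Request body with strict bounds checks and extracts SNonce from the FTIE and the EAP Initiate Re-auth packet from the ERPIE. Assumptions: the ERPIE element ID `0xEE` is a hypothetical placeholder because the page does not give it, the ERPIE body is taken to be the bare EAP packet, and all function names are illustrative; the MDIE/FTIE element IDs, FTIE field layout and FT algorithm number follow IEEE 802.11.

```python
import struct

FT_AUTH_ALG = 2                      # 802.11 FT authentication algorithm number
EID_MDIE, EID_FTIE = 54, 55          # 802.11 element IDs
EID_ERPIE = 0xEE                     # HYPOTHETICAL placeholder, the page gives no ID
EAP_INITIATE, EAP_REAUTH = 5, 2      # EAP code / type of EAP Initiate Re-auth

class FrameError(ValueError): pass

def parse_ies(buf):
    """Walk ID/length/value elements; reject truncation and duplicates."""
    ies, off = {}, 0
    while off < len(buf):
        if off + 2 > len(buf):
            raise FrameError("truncated element header")
        eid, end = buf[off], off + 2 + buf[off + 1]
        if end > len(buf):
            raise FrameError(f"element {eid} overruns the frame")
        if eid in ies:
            raise FrameError(f"duplicate element {eid}")
        ies[eid], off = buf[off + 2:end], end
    return ies

def parse_auth_request(body):
    """Return (snonce, eap_packet) from an Authentication Request frame body."""
    if len(body) < 6:
        raise FrameError("short fixed fields")
    alg, seq, _status = struct.unpack_from("<HHH", body)
    if alg != FT_AUTH_ALG or seq != 1:
        raise FrameError("not an FT authentication request")
    ies = parse_ies(body[6:])
    missing = [e for e in (EID_MDIE, EID_FTIE, EID_ERPIE) if e not in ies]
    if missing:
        raise FrameError(f"missing elements {missing}")
    ftie, eap = ies[EID_FTIE], ies[EID_ERPIE]
    # FTIE body: MIC Control 2 + MIC 16 + ANonce 32 + SNonce 32; EAP header is 5 bytes
    if len(ftie) < 82 or len(eap) < 5:
        raise FrameError("FTIE or EAP packet too short")
    code, _ident, length, eap_type = struct.unpack_from("!BBHB", eap)
    if (code, eap_type) != (EAP_INITIATE, EAP_REAUTH) or length != len(eap):
        raise FrameError("ERPIE does not hold a well-formed EAP Initiate Re-auth")
    return ftie[50:82], eap

def build_sample():
    """Constructed sample frame body (not a capture)."""
    ie = lambda eid, data: bytes([eid, len(data)]) + data
    eap = struct.pack("!BBHB", EAP_INITIATE, 1, 8, EAP_REAUTH) + bytes(3)
    ftie = bytes(50) + bytes(range(32))
    return (struct.pack("<HHH", FT_AUTH_ALG, 1, 0) + ie(EID_MDIE, b"\x12\x34\x00")
            + ie(EID_FTIE, ftie) + ie(EID_ERPIE, eap))
```

Rejecting overrunning, duplicated or missing elements before forwarding anything keeps a malformed frame from reaching the ERP server path.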


Abstract

The invention provides a switching method, device and system. The switching method comprises the following steps: a target AP receives an authentication request frame sent by a user terminal and carrying an EAP start re-authentication packet, and sends the EAP start re-authentication packet carried by the authentication request frame to an ERP server; the target AP obtains a re-authentication master session key and an EAP end re-authentication packet from a data packet sent by the ERP server, and sends an authentication response frame carrying the EAP end re-authentication packet; the target AP receives a re-association request frame sent by the user terminal and sends a re-association response frame to the user terminal; and the target AP uses the re-authentication master session key to derive a key used for data communication with the user terminal after successful switching. This technical scheme not only ensures key security and low authentication delay, but also reduces key management overhead and avoids problems such as limits on network scale, thereby realizing fast and secure switching.

Description

Technical field

[0001] The invention relates to the technical field of communication, in particular to switching technology.

Background technique

[0002] Wireless Local Area Network (WLAN) technology has gradually come into wide use thanks to its high data transmission rate and ease of deployment. As WLAN technology is popularized on a large scale, the security and the authentication delay of the handover process of user terminals, that is, WLAN UE (WLAN User Equipment, hereinafter referred to as UE), have attracted much attention.

[0003] The current handover method is as follows: after the UE completes the first Extensible Authentication Framework (EAP) authentication in the mobility domain, the UE and the Home AAA Server (HAAA) each generate a Master Session Key (MSK), and the initial access Access Point (AP) receives the MSK sent by the HAAA. The initial access AP and UE use MSK to derive Pairwise Mast...


Application Information

IPC(8): H04W12/04, H04W12/06, H04W12/08, H04W36/08, H04W12/0431
Inventor: 姜奇, 李兴华, 芦翔, 马建峰, 罗耀平, 龙水平
Owner HUAWEI DEVICE (SHENZHEN) CO LTD